Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protocol-05
Rob Austein <sra@hactrn.net> Fri, 28 September 2012 14:17 UTC
Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5069E21F8630 for <sidr@ietfa.amsl.com>; Fri, 28 Sep 2012 07:17:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.67
X-Spam-Level:
X-Spam-Status: No, score=-99.67 tagged_above=-999 required=5 tests=[AWL=-2.929, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_NET=0.611, HOST_EQ_NL=1.545, HOST_EQ_STATIC=1.172, RCVD_IN_SORBS_DUL=0.877, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fMjSAYm2lU-c for <sidr@ietfa.amsl.com>; Fri, 28 Sep 2012 07:17:22 -0700 (PDT)
Received: from cyteen.hactrn.net (cyteen.hactrn.net [IPv6:2002:425c:4242:0:210:5aff:fe86:1f54]) by ietfa.amsl.com (Postfix) with ESMTP id 72A7621F8622 for <sidr@ietf.org>; Fri, 28 Sep 2012 07:17:22 -0700 (PDT)
Received: from minas-ithil.hactrn.net (095-097-128-052.static.chello.nl [95.97.128.52]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (verified OK)) by cyteen.hactrn.net (Postfix) with ESMTPS id BF7559B429 for <sidr@ietf.org>; Fri, 28 Sep 2012 14:17:20 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [127.0.0.1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id 662857DD08D for <sidr@ietf.org>; Fri, 28 Sep 2012 16:17:19 +0200 (CEST)
Date: Fri, 28 Sep 2012 16:17:19 +0200
From: Rob Austein <sra@hactrn.net>
To: sidr <sidr@ietf.org>
In-Reply-To: <5065ABF9.6050303@bbn.com>
References: <24B20D14B2CD29478C8D5D6E9CBB29F625F706AF@CMA-MB003.columbia.ads.sparta.com> <20120927165848.2BECA7DC673@minas-ithil.hactrn.net> <5065ABF9.6050303@bbn.com>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20120928141719.662857DD08D@minas-ithil.hactrn.net>
Subject: Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protocol-05
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2012 14:17:23 -0000
At Fri, 28 Sep 2012 09:54:01 -0400, Stephen Kent wrote: > > >> 4.1. Originating a New BGPSEC Update > > ... > >> In particular, this AS number MUST match the AS number in > >> the AS number resource extension field of the Resource PKI end-entity > >> certificate(s) that will be used to verify the digital signature(s) > >> constructed by this BGPSEC speaker. > > "The" or "an"? Is it legal for the EE certificate to cover more RFC > > 3779 resources than just a single ASN? > yes, an EE cert can contain multiple ASNs, if they were allocated to the > cert holder by the same parent. I know that RFC 3779 allows multiple ASNs, having implemented it. :) What I'm asking is whether it was Matt's intent to restrict BGPSEC to requiring that only a single ASN be certified in the relevant EE certificate. I do not recall any such restriction during earlier discussions of this protocol, which is why I flagged it. > >> 6.1. Algorithm Suite Considerations > > ... > >> To this end, a mandatory algorithm suites document will be created > >> which specifies a mandatory-to-use 'current' algorithm suite for use > >> by all BGPSEC speakers [12]. Additionally, the document specifies an > >> additional 'new' algorithm suite that is recommended to implement. > > Badly phrased, unless the real intent here is to say that we're going > > to pick both the current and next algorithms right off the bat, which > > seems unlikely to me. I think it would be more correct to say that > > we will specify an initial mandatory algorithm suite, and, once we > > have some idea of what the next algorithm should be, we will publish > > a series of updated documents phasing in the new one and (eventually, > > years later) phasing out the old one. > that would be consistent with the alg migration strategy described in > draft-ietf-sidr-algorithm-agility-07 I assume (please correct if wrong) that your comment refers to my suggested rephrasing being consistent with the algorithm migration strategy.
- [sidr] WGLC for draft-ietf-sidr-bgpsec-protocol-05 Murphy, Sandra
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… George, Wes
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Murphy, Sandra
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… George, Wes
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Danny McPherson
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Sean Turner
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Danny McPherson
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Christopher Morrow
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Murphy, Sandra
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Brian Dickson
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Christopher Morrow
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Brian Dickson
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Brian Dickson
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Randy Bush
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Christopher Morrow
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Christopher Morrow
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Osterweil, Eric
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Randy Bush
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Danny McPherson
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Danny McPherson
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Randy Bush
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Rob Austein
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Stephen Kent
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Rob Austein
- Re: [sidr] WGLC for draft-ietf-sidr-bgpsec-protoc… Stephen Kent